revert changes to DH param gen. MPI does compute q=2p+1 for strong primes, but returns q not p. #ifdef in rsa for testing mp_exptmod_d vs. mp_exptmod, mp_exptmod is considerably faster.

2000-09-22 16:24:16 +00:00 · 2000-09-22 16:24:16 +00:00 · cae70ded34
--- a/security/nss/lib/freebl/dh.c
+++ b/security/nss/lib/freebl/dh.c
@ -48,7 +48,7 @@ DH_GenParam(int primeLen, DHParams **params)
 {
    PRArenaPool *arena;
    DHParams *dhparams;
-    unsigned char *qb = NULL;
+    unsigned char *pb = NULL;
    unsigned char *ab = NULL;
    unsigned long counter = 0;
    mp_int p, q, a, h, psub1, test;
@ -83,15 +83,15 @@ DH_GenParam(int primeLen, DHParams **params)
    CHECK_MPI_OK( mp_init(&psub1) );
    CHECK_MPI_OK( mp_init(&test) );
    /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
-    qb = PORT_Alloc(primeLen);
+    pb = PORT_Alloc(primeLen);
-    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(qb, primeLen) );
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
-    qb[0]          |= 0x80; /* set high-order bit */
+    pb[0]          |= 0x80; /* set high-order bit */
-    qb[primeLen-1] |= 0x01; /* set low-order bit  */
+    pb[primeLen-1] |= 0x01; /* set low-order bit  */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&q, qb, primeLen) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) );
-    CHECK_MPI_OK( mpp_make_prime(&q, primeLen * 8, PR_TRUE, &counter) );
+    CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) );
-    /* construct Sophie-Germain prime p = 2q + 1. */
+    /* construct Sophie-Germain prime q = (p-1)/2. */
-    CHECK_MPI_OK( mp_mul_2(&q, &psub1)    );
+    CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
-    CHECK_MPI_OK( mp_add_d(&psub1, 1, &p) );
+    CHECK_MPI_OK( mp_div_2(&psub1, &q)    );
    /* construct a generator from the prime. */
    ab = PORT_Alloc(primeLen);
    do {
@ -116,7 +116,7 @@ cleanup:
    mp_clear(&h);
    mp_clear(&psub1);
    mp_clear(&test);
-    if (qb) PORT_ZFree(qb, primeLen);
+    if (pb) PORT_ZFree(pb, primeLen);
    if (ab) PORT_ZFree(ab, primeLen);
    if (err) {
 	MP_TO_SEC_ERROR(err);
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@ -77,3 +77,4 @@ CSRCS = \
 	$(NULL)
 endif
 #DEFINES += -DUSE_MPI_EXPT_D
--- a/security/nss/lib/freebl/rsa.c
+++ b/security/nss/lib/freebl/rsa.c
@ -30,7 +30,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: rsa.c,v 1.14 2000-09-19 06:18:04 mcgreer%netscape.com Exp $
+ * $Id: rsa.c,v 1.15 2000-09-22 16:24:16 mcgreer%netscape.com Exp $
 */
 #include "secerr.h"
@ -275,20 +275,17 @@ RSA_PublicKeyOp(RSAPublicKey  *key,
    modLen = rsa_modulusLen(&key->modulus);
    /* 1.  Obtain public key (n, e) */
    SECITEM_TO_MPINT(key->modulus, &n);
 #ifdef USE_MPI_EXPT_D
    /* XXX convert exponent to mp_digit */
 #else
    SECITEM_TO_MPINT(key->publicExponent, &e);
 #endif
    /* 2.  Represent message as integer in range [0..n-1] */
    CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) );
    /* 3.  Compute c = m**e mod n */
 #ifdef USE_MPI_EXPT_D
    /* XXX see which is faster */
-    CHECK_MPI_OK( mp_exptmod_d(&m, exp, &n, &c) );
+    if (MP_USED(&e) == 1) {
-#else
+	CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) );
-    CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
+    } else
 #endif
    CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
    /* 4.  result c is ciphertext */
    err = mp_to_fixlen_octets(&c, output, modLen);
    if (err >= 0) err = MP_OKAY;